// Copyright (c) 2009 DMTF. All rights reserved. [Version ( "2.22.0" ), UMLPackagePath ( "CIM::Network::IEEE8021x" ), Description ( "IEEE8021xSettings specifies a set of IEEE 802.1x Port-Based " "Network Access Control settings that can be applied to a ISO " "OSI layer 2 ProtocolEndpoint." )] class CIM_IEEE8021xSettings : CIM_SettingData { [Description ( "AuthenticationProtocol shall indicate the desired EAP " "(Extensible Authentication Protocol) type.\n" "\t* EAP-TLS (0): shall indicate that the desired EAP " "type is the Transport Layer Security EAP type specified " "in RFC 2716. If AuthenticationProtocol contains 0, " "Username should not be null, ServerCertificateName and " "ServerCertificateNameComparison may be null or not null, " "and RoamingIdentity, Password, Domain, " "ProtectedAccessCredential, PACPassword, and PSK should " "be null.\n" "\t* EAP-TTLS/MSCHAPv2 (1): shall indicate that the " "desired EAP type is the Tunneled TLS Authentication " "Protocol EAP type specified in " "draft-ietf-pppext-eap-ttls, with Microsoft PPP CHAP " "Extensions, Version 2 (MSCHAPv2) as the inner " "authentication method. If AuthenticationProtocol " "contains 1, Username and Password should not be null, " "RoamingIdentity, ServerCertificateName, " "ServerCertificateNameComparison, and Domain may be null " "or not null, and ProtectedAccessCredential, PACPassword, " "and PSK should be null.\n" "\t* PEAPv0/EAP-MSCHAPv2 (2): shall indicate that the " "desired EAP type is the Protected Extensible " "Authentication Protocol (PEAP) Version 0 EAP type " "specified in draft-kamath-pppext-peapv0, with Microsoft " "PPP CHAP Extensions, Version 2 (MSCHAPv2) as the inner " "authentication method. If AuthenticationProtocol " "contains2, Username and Password should not be null, " "RoamingIdentity, ServerCertificateName, " "ServerCertificateNameComparison, and Domain may be null " "or not null, and ProtectedAccessCredential, PACPassword, " "and PSK should be null.\n" "\t* PEAPv1/EAP-GTC (3): shall indicate that the desired " "EAP type is the Protected Extensible Authentication " "Protocol (PEAP) Version 1 EAP type specified in " "draft-josefsson-pppext-eap-tls-eap, with Generic Token " "Card (GTC) as the inner authentication method. If " "AuthenticationProtocol contains 3, Username and Password " "should not be null, RoamingIdentity, " "ServerCertificateName, ServerCertificateNameComparison, " "and Domain may be null or not null, and " "ProtectedAccessCredential, PACPassword, and PSK should " "be null.\n" "\t* EAP-FAST/MSCHAPv2 (4): shall indicate that the " "desired EAP type is the Flexible Authentication " "Extensible Authentication Protocol EAP type specified in " "IETF RFC 4851, with Microsoft PPP CHAP Extensions, " "Version 2 (MSCHAPv2) as the inner authentication method. " "If AuthenticationProtocol contains 4, Username and " "Password should not be null, RoamingIdentity, " "ServerCertificateName, ServerCertificateNameComparison, " "Domain, ProtectedAccessCredential, and PACPassword may " "be null or not null, and PSK should be null.\n" "\t* EAP-FAST/GTC (5): shall indicate that the desired " "EAP type is the Flexible Authentication Extensible " "Authentication Protocol EAP type specified in IETF RFC " "4851, with Generic Token Card (GTC) as the inner " "authentication method. If AuthenticationProtocol " "contains 5, Username and Password should not be null, " "RoamingIdentity, ServerCertificateName, " "ServerCertificateNameComparison, Domain, " "ProtectedAccessCredential, and PACPassword may be null " "or not null, and PSK should be null.\n" "\t* EAP-MD5 (6): shall indicate that the desired EAP " "type is the EAP MD5 authentication method, specified in " "RFC 3748. If AuthenticationProtocol contains 6, Username " "and Password should not be null, Domain may be null or " "not null, and RoamingIdentity, ServerCertificateName, " "ServerCertificateNameComparison, " "ProtectedAccessCredential, PACPassword, and PSK should " "be null.\n" "\t* EAP-PSK (7): shall indicate that the desired EAP " "type is the EAP-PSK (Pre-Shared Key) EAP type specified " "in RFC 4764. If AuthenticationProtocol contains 7, " "Username and PSK should not be null, Domain and " "RoamingIdentity may be null or not null, and Password, " "ServerCertificateName, ServerCertificateNameComparison, " "ProtectedAccessCredential, and PACPassword should be null.\n" "\t* EAP-SIM (8): shall indicate that the desired EAP " "type is the Extensible Authentication Protocol Method " "for Global System for Mobile Communications (GSM) " "Subscriber Identity Modules (EAP-SIM), specified in RFC " "4186. If AuthenticationProtocol contains 8, Username and " "PSK should not be null, Domain and RoamingIdentity may " "be null or not null, and Password, " "ServerCertificateName, ServerCertificateNameComparison, " "ProtectedAccessCredential, and PACPassword should be null.\n" "\t* EAP-AKA (9): shall indicate that the desired EAP " "type is the EAP Method for 3rd Generation Authentication " "and Key Agreement (EAP-AKA), specified in RFC 4187. If " "AuthenticationProtocol contains 9, Username and PSK " "should not be null, Domain and RoamingIdentity may be " "null or not null, and Password, ServerCertificateName, " "ServerCertificateNameComparison, " "ProtectedAccessCredential, and PACPassword should be null.\n" "\t* EAP-FAST/TLS (10): shall indicate that the desired " "EAP type is the Flexible Authentication EAP type " "specified in IETF RFC 4851, with TLS as the inner " "authentication method. If AuthenticationProtocol " "contains 10, Username and Password should not be null, " "RoamingIdentity, ServerCertificateName, " "ServerCertificateNameComparison, Domain, " "ProtectedAccessCredential, and PACPassword may be null " "or not null, and PSK should be null." ), ValueMap { "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "10", ".." }, Values { "EAP-TLS", "EAP-TTLS/MSCHAPv2", "PEAPv0/EAP-MSCHAPv2", "PEAPv1/EAP-GTC", "EAP-FAST/MSCHAPv2", "EAP-FAST/GTC", "EAP-MD5", "EAP-PSK", "EAP-SIM", "EAP-AKA", "EAP-FAST/TLS", "DMTF Reserved" }, MappingStrings { "RFC4017.IETF", "RFC2716.IETF", "draft-ietf-pppext-eap-ttls.IETF", "draft-kamath-pppext-peapv0.IETF", "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF", "RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF", "RFC4187.IETF" }] uint16 AuthenticationProtocol; [Description ( "A string presented to the authentication server in " "802.1x protocol exchange. The AAA server determines the " "format of this string. Formats supported by AAA servers " "include: \\, @." )] string RoamingIdentity; [Description ( "The name that shall be compared against the subject name " "field in the certificate provided by the AAA server. " "Shall contain either the fully qualified domain name of " "the AAA server, in which case " "ServerCertificateNameComparison shall contain " "\"FullName\", or the domain suffix of the AAA server, in " "which case ServerCertificateNameComparison shall contain " "\"DomainSuffix\"." ), ModelCorrespondence { "CIM_IEEE8021xSettings.ServerCertificateNameComparison" }] string ServerCertificateName; [Description ( "The comparison algorithm that shall be used by the " "server to validate the subject name field of the " "certificate presented by the AAA server against the " "value of the ServerCertificateName property." ), ValueMap { "1", "2", "3", ".." }, Values { "Other", "FullName", "DomainSuffix", "DMTF Reserved" }, ModelCorrespondence { "CIM_IEEE8021xSettings.ServerCertificateName" }] uint16 ServerCertificateNameComparison; [Description ( "Identifies the user requesting access to the network." ), MappingStrings { "RFC2716.IETF", "draft-ietf-pppext-eap-ttls.IETF", "draft-kamath-pppext-peapv0.IETF", "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF", "RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF", "RFC4187.IETF" }] string Username; [Description ( "A password associated with the user identified by " "Username within Domain." ), MappingStrings { "draft-ietf-pppext-eap-ttls.IETF", "draft-kamath-pppext-peapv0.IETF", "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF", "RFC3748.IETF" }] string Password; [Description ( "The domain (also known as realm) within which Username is unique." ), MappingStrings { "draft-ietf-pppext-eap-ttls.IETF", "draft-kamath-pppext-peapv0.IETF", "draft-josefsson-pppext-eap-tls-eap", "RFC4851.IETF", "RFC3748.IETF", "RFC4764.IETF", "RFC4186.IETF", "RFC4187.IETF" }] string Domain; [Description ( "A credential used by the supplicant and AAA server to " "establish a mutually authenticated encrypted tunnel for " "confidential user authentication." ), OctetString, MappingStrings { "RFC4851.IETF" }] uint8 ProtectedAccessCredential[]; [Description ( "Optional password to extract the PAC (Protected Access " "Credential) information from the PAC data." ), MappingStrings { "RFC4851.IETF" }] string PACPassword; [Description ( "A pre-shared key used for pre-shared key EAP types such " "as EAP-PSK, EAP-SIM, and EAP-AKA." ), OctetString, MappingStrings { "RFC4764.IETF", "RFC4186.IETF", "RFC4187.IETF" }] uint8 PSK[]; };